GhostSec, a self-described “vigilante” group, has captured the attention of cybersecurity experts with the release of a new type of ransomware called GhostLocker. The group, known for its hacktivist activities, has recently shifted its focus towards financially motivated cyber attacks.
GhostSec presents GhostLocker as a groundbreaking locking software that employs military-grade encryption during runtime, providing users with the promise of complete undetectability. In addition to its encryption capabilities, GhostLocker separates itself from other ransomware-as-a-service (RaaS) offerings by offering a unique service to manage negotiations following successful breaches. Through the GhostLocker builder, users can take control of negotiations and download decryptors by entering the victim’s encryption ID.
According to Dark web watchdog SOCRadar, GhostSec has released a video demonstrating GhostLocker’s ability to encrypt data while evading detection by antivirus software, including popular programs like Malwarebytes. This highlights the increasing sophistication of ransomware operations and emphasizes GhostLocker as an example of the evolving cyber threats landscape.
The GhostLocker ransomware also boasts several other features aimed at enhancing the user experience. Users can expect a refreshed user interface with a more visually appealing design. Comprehensive statistics are now available, allowing users to monitor locker launches, build frequency, and lifetime earnings. The builder itself offers enhanced features such as automatic privilege escalation for potential admin permissions. Additionally, users have the option to remove the background and even enter their own session ID to lead negotiations, or leave it to GhostLocker.
SOCRadar, in a blog post published on October 18, 2023, highlighted the significance of GhostLocker’s release and its implications for the cybersecurity industry. The group emphasizes the importance of staying vigilant in the face of constantly evolving cyber threats.
GhostLocker is currently being offered on the dark web for $999 during its beta phase, providing access to 15 slots. After the beta phase, the price is set to increase to $4999, reflecting its value and potential in the ransomware market.
Another hacking group known as Stormous, which has close ties to GhostSec, has already announced its intention to utilize GhostLocker. The collaboration between the two groups signifies the growing influence and impact of GhostLocker in the cybercriminal community.
GhostSec, also known as Ghost Security or GSM, was initially a hacktivist group associated with the global network of hackers, Anonymous. The group gained recognition within the Anonymous collective by participating in a hacking campaign against ISIS following the Charlie Hebdo shooting in Paris in 2015. GhostSec has also targeted the Russian government with various attacks, including an attack on the Gysinoozerskaya Hydro-Power Plant in 2022.
The recent shift from hacktivism to financially motivated cyber activity demonstrates GhostSec’s adaptability and willingness to explore new avenues for achieving its objectives. The emergence of GhostLocker further solidifies GhostSec’s role in the ever-evolving world of cyber threats.
As technology advances and cybercriminals become more sophisticated, it is crucial for individuals, businesses, and organizations to remain vigilant and implement robust cybersecurity measures. The release of GhostLocker serves as a reminder of the importance of continuous improvement and innovation in cybersecurity to stay one step ahead of cybercriminals.